Customers warned

as hackers target

cosmetics retailer

Megan Levy
February 15, 2011

Thousands of online shoppers who recently purchased items from the popular cosmetics group Lush have been warned to contact their banks after the company’s Australian and New Zealand website was targeted by hackers.

Lush has taken down its website this morning and replaced it with a statement warning that customers’ personal details, including credit card numbers, may have been compromised.

‘‘We urgently advise customers who have placed an online order with Lush Australia and New Zealand to contact their bank to discuss if cancelling their credit cards is advisable,’’ the company’s website says.

It follows a similar attack on the UK branch of the handmade cosmetics company last month, during which anyone who placed an online order between 4 October and 20 January was exposed to the privacy breach.

Following that attack, many Lush customers reported that their cards had been used fraudulently.

In today’s statement, Lush said the Australian and New Zealand websites were not linked to the Lush UK website, but had been separately targeted.

‘‘As a precautionary matter we have removed access to our website while we carry out further security checks,’’ the statement says.

‘‘Lush is working with the police, forensic investigators and banks and doing all that we can to investigate the breach in privacy.

‘‘We are currently in the process of contacting each of our online customers individually by email.’’

The security breach has not affected customers who used the mail order phone line, the statement says.

‘‘Again, we would like to say that we are truly sorry and thank all our customers for standing shoulder to shoulder with us during this difficult time,’’ the website says.

Lush has previously been praised by green campaigners for not using animal fats in its products, as well as its stance against animal testing. Tests are performed on human volunteers instead.




Sourced & published by Henry Sapiecha

Leave a Reply